mirror of
https://github.com/certbot/certbot.git
synced 2026-06-08 16:22:18 -04:00
added doc. on postfix version dependent features
This commit is contained in:
Aaron Zauner
parent
e42a222c5d
commit
1cde7f9b54
1 changed files with 38 additions and 1 deletions
|
|
@ -162,6 +162,7 @@ class PostfixConfigGenerator:
|
|||
stdout=subprocess.PIPE) \
|
||||
.communicate()[0].split()[2]
|
||||
maj, min, rev = mail_version.split('.')
|
||||
self.postfix_version = mail_version
|
||||
|
||||
# Postfix has changed support for TLS features, supported protocol versions
|
||||
# KEX methods, ciphers et cetera over the years. We sort out version dependend
|
||||
|
|
@ -169,8 +170,44 @@ class PostfixConfigGenerator:
|
|||
# see:
|
||||
# http://www.postfix.org/TLS_README.html
|
||||
# http://www.postfix.org/FORWARD_SECRECY_README.html
|
||||
self.postfix_version = mail_version
|
||||
|
||||
# Postfix == 2.2:
|
||||
# - TLS support introduced via 3rd party patch, see:
|
||||
# http://www.postfix.org/TLS_LEGACY_README.html
|
||||
|
||||
# Postfix => 2.2:
|
||||
# - built-in TLS support added
|
||||
# - Support for PFS introduced
|
||||
# - Support for (E)DHE params >= 1024bit (need to be generated), default 1k
|
||||
|
||||
# Postfix => 2.5:
|
||||
# - Syntax to specify mandatory protocol version changes:
|
||||
# * < 2.5: `smtpd_tls_mandatory_protocols = TLSv1`
|
||||
# * => 2.5: `smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3`
|
||||
# - Certificate fingerprint verification added
|
||||
|
||||
# Postfix => 2.6:
|
||||
# - Support for ECDHE NIST P-256 curve (enable `smtpd_tls_eecdh_grade = strong`)
|
||||
# - Support for configurable cipher-suites and protocol versions added, pre-2.6
|
||||
# releases always set EXPORT, options: `smtp_tls_ciphers` and `smtp_tls_protocols`
|
||||
# - `smtp_tls_eccert_file` and `smtp_tls_eckey_file` config. options added
|
||||
|
||||
# Postfix => 2.8:
|
||||
# - Override Client suite preference w. `tls_preempt_cipherlist = yes`
|
||||
# - Elliptic curve crypto. support enabled by default
|
||||
|
||||
# Postfix => 2.9:
|
||||
# - Public key fingerprint support added
|
||||
# - `permit_tls_clientcerts`, `permit_tls_all_clientcerts` and
|
||||
# `check_ccert_access` config. options added
|
||||
|
||||
# Postfix <= 2.9.5:
|
||||
# - BUG: Public key fingerprint is computed incorrectly
|
||||
|
||||
# Postfix => 3.1:
|
||||
# - Built-in support for TLS management and DANE added, see:
|
||||
# http://www.postfix.org/postfix-tls.1.html
|
||||
|
||||
return maj, min, rev
|
||||
|
||||
def more_info(self):
|
||||
|
|
|
|||
Loading…
Reference in a new issue